fb9c25da973a81fbbaca16011aba651bf9b5e1d98f1f1a5a500ab00c781ebcb8 | Triage

Resubmissions

29/06/2024, 20:48

240629-zlmr7awbre 8

29/06/2024, 20:47

240629-zlcbfswbra 8

Sharing

General

Target

Win32.ZeroCleare.zip
Size

560KB
Sample

240629-zlcbfswbra
MD5

a63b2fdcc4a32b00d5b475f56f9c4ac9
SHA1

b8aa7a6c2c975d1711cc6b9344c58f5594cfb386
SHA256

fb9c25da973a81fbbaca16011aba651bf9b5e1d98f1f1a5a500ab00c781ebcb8
SHA512

d1e5c61c2524d17c8aea641b441cb40758428fd30583c1953778f775470e126c0c4f33e275989623173b515fb0245b02f9fe715d695784b6a1125e475b7aba7f
SSDEEP

12288:nkhWmek8cSrovkD07vA3jT0fFZ2ArMKFU1jHw1FphcIoQSp2r:nkhWmek8cSavA3vgCF1jHs5SIr

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  ClientUpdate.exe (x64).bin
- Size
  
  308KB
- MD5
  
  1a69a02b0cd10b1764521fec4b7376c9
- SHA1
  
  0d0b9299674868dbec74317c9c20de0c6c5a0549
- SHA256
  
  becb74a8a71a324c78625aa589e77631633d0f15af1473dfe34eca06e7ec6b86
- SHA512
  
  e9d02d292fceecc04584221e59cc4d5753dcf4ffc20c1d3fe58ec6d578024a03b775358cd2627b254bd9b274ec4153538b06b6152ef3e4c38a8138176bddfa48
- SSDEEP
  
  6144:HwDOaOGnrViaqj8qxA5ZmDvHBGTVdEolim6U9iceu:Ho3q5vhGTXj
Score

1^/10
behavioral1 behavioral2
- Target
  
  ClientUpdate.exe (x86).bin
- Size
  
  324KB
- MD5
  
  33f98b613b331b49e272512274669844
- SHA1
  
  cc99395963de6da81dac96929a8e234c8415714a
- SHA256
  
  2fc39463b6db44873c9c07724ac28b63cdd72f5863a4a7064883e3afdd141f8d
- SHA512
  
  3b3bd4dfe58422a6bc798fbfc591cb75e947f6fe51aa30d102a8bb792d862e52813f37cb0c940a2a9cfd0066f021afedb6bc8ac73d397b39fec63de7416fb065
- SSDEEP
  
  6144:7Udgoiru/R7V55fTHVj12xgdVVsN1l7GGEULXyIl67TRoEY6cAOehFWucwOTM:7ciS/R7VDfR9dkt9EKAR1+EILtTM
Score

8^/10

execution persistence
- Creates new service(s)
  persistence execution
behavioral3 behavioral4
- Target
  
  Dustman.exe
- Size
  
  258KB
- MD5
  
  8afa8a59eebf43ef223be52e08fcdc67
- SHA1
  
  e3ae32ebe8465c7df1225a51234f13e8a44969cc
- SHA256
  
  f07b0c79a8c88a5760847226af277cf34ab5508394a58820db4db5a8d0340fc7
- SHA512
  
  b3192d96307e91a988e1c653457dd09ffbdcacf9770cdc3dbc4985443f2ed1343c0088f989ae77b6b0944a5f608af9597c8c8218f0c1456d8cccff15cc6d744d
- SSDEEP
  
  6144:h2+Z0A0chhA+AosUTvc2Y8Y7wyjo7m9nnnhNS:h2U0chhA7fUTE2Y8Y7LjJU
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  agent.exe
- Size
  
  113KB
- MD5
  
  f5f8160fe8468a77b6a495155c3dacea
- SHA1
  
  20d61c337653392ea472352931820dc60c37b2bc
- SHA256
  
  44100c73c6e2529c591a10cd3668691d92dc0241152ec82a72c6e63da299d3a2
- SHA512
  
  c65b86d579f7c0defba655ce440a20f1bb5447e058861540e92d80968131d40cc9fa42defb2c613d92de323f42301f59eacc6cfce5f34ca2c2170f0692919db8
- SSDEEP
  
  3072:VKMMWFhWGRGhZIzPic5RbQ9b4R1DcMxaiJe:AMZh1kUPiMMKR1DTJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  1EF610B1F9646063F96AD880AAD9569D.bin
- Size
  
  143KB
- MD5
  
  1ef610b1f9646063f96ad880aad9569d
- SHA1
  
  bb1ca3681747a48d82d2a95d573ee82adff2b0bd
- SHA256
  
  563653399b82cd443f120eceff836ea3678d4cf11d9b351bb737573c2d856299
- SHA512
  
  d60698a68ce362eb348b506e27c3aeec65f64e118687b927e1b2f23da573365147c1271f9ce5b671445ee0712c0658e15da8325def2ea60eb0ef65c56caa0ff0
- SSDEEP
  
  3072:LVdxH/6/8k2spAtOvXI35qpKvM9EUbE0i3:Zb6835qpKvMzvi3
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

executionpersistence

behavioral4

executionpersistence

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10